[Bug 239894] [NEW] CVE-2008-2364 Apache2 mod_proxy_http.c DOS
Emanuele Gentili
emgent at ubuntu.com
Sat Jun 14 01:26:15 BST 2008
*** This bug is a security vulnerability ***
Public security bug reported:
The ap_proxy_http_process_response function in mod_proxy_http.c in the
mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not
limit the number of forwarded interim responses, which allows remote
HTTP servers to cause a denial of service (memory consumption) via a
large number of interim responses.
** Affects: apache2 (Ubuntu)
Importance: High
Assignee: Emanuele Gentili (emgent)
Status: Confirmed
** Visibility changed to: Public
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-2364
** Changed in: apache2 (Ubuntu)
Importance: Undecided => High
Assignee: (unassigned) => Emanuele Gentili (emgent)
Status: New => Confirmed
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list